---
layout: docs
page_title: Domain Model - Users
description: |-
  The anatomy of a Boundary user
---

# Users

A user is a resource
that represents an individual person or entity
for the purposes of access control.
A user can be associated with zero or more [accounts][].
A user authenticates to Boundary through an associated account
and must be associated with at least one account before they can access Boundary.

A user is also a principal
which allows it to be assigned to [roles][].
A user receives all the [permissions][]
of the roles assigned directly to the user
and all the permissions of roles assigned to [groups][] the user is in.

Users can be defined at either a [Global][] or [Organization][] [scope][].
A user can only be associated with accounts from an [auth method][]
configured in the same scope.

## Attributes

A user has the following configurable attributes:

- `name` - (optional)
  If set, the `name` must be unique within the user's immediate parent [scope][].

- `description` - (optional)

## Referenced By

- [Account][]
- [Global][]
- [Group][]
- [Organization][]
- [Role][]

[account]: /boundary/docs/concepts/domain-model/accounts
[accounts]: /boundary/docs/concepts/domain-model/accounts
[auth method]: /boundary/docs/concepts/domain-model/auth-methods
[global]: /boundary/docs/concepts/domain-model/scopes#global
[group]: /boundary/docs/concepts/domain-model/groups
[groups]: /boundary/docs/concepts/domain-model/groups
[organization]: /boundary/docs/concepts/domain-model/scopes#organizations
[permissions]: /boundary/docs/concepts/security/permissions
[role]: /boundary/docs/concepts/domain-model/roles
[roles]: /boundary/docs/concepts/domain-model/roles
[scope]: /boundary/docs/concepts/domain-model/scopes

## Service API Docs

The following services are relevant to this resource:

- [User Service](/boundary/api-docs/user-service)
